CVE-2009-3075

critical

Description

Multiple unspecified vulnerabilities in the JavaScript engine in Mozilla Firefox before 3.0.14 and 3.5.x before 3.5.2, Thunderbird before 2.0.0.24, and SeaMonkey before 1.1.19 allow remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via vectors related to use of mutable strings in the js_StringReplaceHelper function in js/src/jsstr.cpp, and unknown vectors.

References

http://lists.opensuse.org/opensuse-security-announce/2010-06/msg00001.html

https://bugzilla.mozilla.org/show_bug.cgi?id=441714

https://bugzilla.mozilla.org/show_bug.cgi?id=505305

http://secunia.com/advisories/36669

http://secunia.com/advisories/36670

http://secunia.com/advisories/36671

http://secunia.com/advisories/36692

http://secunia.com/advisories/37098

http://secunia.com/advisories/38977

http://secunia.com/advisories/39001

https://exchange.xforce.ibmcloud.com/vulnerabilities/53158

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11365

https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A5717

http://www.debian.org/security/2009/dsa-1885

http://www.mozilla.org/security/announce/2009/mfsa2009-47.html

http://www.mozilla.org/security/announce/2010/mfsa2010-07.html

http://www.novell.com/linux/security/advisories/2009_48_firefox.html

http://www.redhat.com/support/errata/RHSA-2009-1430.html

http://www.redhat.com/support/errata/RHSA-2009-1431.html

http://www.redhat.com/support/errata/RHSA-2009-1432.html

http://www.redhat.com/support/errata/RHSA-2010-0153.html

http://www.redhat.com/support/errata/RHSA-2010-0154.html

http://www.ubuntu.com/usn/USN-915-1

http://www.vupen.com/english/advisories/2010/0648

http://www.vupen.com/english/advisories/2010/0650

Details

Source: Mitre, NVD

Published: 2009-09-10

Risk Information

CVSS v2

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Severity: Critical